- IPFire-3.x - Update from version 5.7-2 to 6.3-1 - Changelog 6.3 (03 Sep 2023): - Bug 5294: ERR_CANNOT_FORWARD returned instead of ERR_DNS_FAIL - Bug 4981: Work around in-call job invalidation bugs - basic_smb_lm_auth: fix 'no previous declaration' warnings - CacheManager: require /squid-internal-mgr/ URL path prefix - ESI: Fix build [-Wsingle-bit-bitfield-constant-conversion] - ... and some documentation changes 6.2 (06 Aug 2023): - Bug 5187: Work around REQMOD satisfaction regression - Bug 5290: pure virtual call in Ftp::Client constructor - Fix memory leak when reconfiguring multiline all-of ACLs - ... and a lot of code cleanups - ... and some portability fixes on GNU/Hurd and MSWindows 6.1 (06 Jul 2023): - Bug 5278: Log %err_code for "early" request handling errors - Do not cache (and do not serve cached) cache manager responses - Fix key equality comparison in LookupTable map - Honor DNS RR TTLs larger than negative_dns_ttl - ... and some documentation changes 6.0.3 (07 Jun 2023): - Bug 5148: Log %Ss of failed tunnels as TCP_TUNNEL - Do not leak Security::CertErrors created in X509_verify_cert() - Do not erase aborted StoreMap entries that are still being read - Fix build in environments lacking syslog - Fix build failures in some environments due to time_t type conflicts in libdebug - Remove obsolete caddr_t - ... and some documentation changes 6.0.2 (30 Apr 2023): - Avoid excessive disk I/O in some environments - ... and several build and portability fixes - ... and all fixes from 5.9 6.0.1 (28 Feb 2023): - Bug 5256: Intercepting port fails to accept - Bug 5241: Block all non-localhost requests by default - Bug 5241: Block to-localhost, to-link-local requests by default - Bug 5232: Fix GCC v12 build [-Wuse-after-free] - Bug 5211: support.cc:355: "!filledCheck->sslErrors" assertion - Bug 5194: Remove all unused debug sections - Bug 5162: mgr:index URL do not produce MGR_INDEX template - Bug 5129 pt1: remove Lock use from HttpRequestMethod - Bug 5128: Translation: Fix % i typo in es/ERR_FORWARDING_DENIED - Bug 5021: Add a script to fix spelling error with codespell - Bug 4946: client_side_request.cc: "request != newRequest" - Bug 4832: '!schemeAccess' assertion on exit - Bug 4572: squidclient: Remove deprecated cache_object:// support - Bug 4528: ICAP transactions quit on async DNS lookups - Add scripts/trace-context.pl: a debugging tool - Remove cache_diff tool - Remove membanger tool - Remove pconn-banger tool - Remove recv-announce tool - Remove send-announce tool - Remove tcp-banger* tools - Remove ufsdump tool - Remove support for Gopher protocol - Remove support for unused libbsd - Remove bundled GnuRegex library - Remove CPU profiler mechanism - Remove leakfinder (--enable-leakfinder) - Remove --enable-kill-parent-hack - Remove --disable-loadable-modules - Remove unused/disabled/broken LEAK_CHECK_MODE code - Remove SCO 3.2 support - Remove m88k-specific support - Remove NeXTSTEP support - Remove HPUX compiler support - Remove CBDATA debugging - Require C++17 - cachemgr.cgi: Remove deprecated cache_object:// support - ext_kerberos_ldap_group_acl: Support -b with -D - ext_lm_group_acl: Improved username handling - negotiate_wrapper: ensure null-termination of strings - pinger: Fix MAX_PKT{4,6}_SZ to account for icmpEchoData padding - HTTP: Replaced X-Cache and X-Cache-Lookup headers with Cache-Status - HTTP: Update Host, Via, and other headers in-place when possible - HTTP: Update status code 413 compliance - RFC 9110: Reject different HTTP requests with unusual framing - RFC 9111: Stop treating Warning specially - RFC 9113: update documentation references - RFC 9218: Priority header registration - SSL-Bump: Remove step2+ stare-and-splice and peek-and-bump support - TLS: Do not send more than one self-signed certificate - TLS: Sort CA certificates in tls-cert=bundle - TLS: Preserve configured order of intermediate CA certificate chain - WCCP: Validate packets better - CI: Support "negative" squid-conf-tests - CI: Maintenance: Support custom astyle versions - CI: test-builds.sh: in case of error dump full log - CI: Add --progress option to test-builds.sh - CI: Change time_units test to also work on 32bit systems - CI: Maintenance: Update astyle version to 3.1 - Add cache_log_message directive - Add paranoid_hit_validation directive - Add tls_key_log to report TLS communication secrets - Add %busy_time logformat code - Add %transport::>connection_id logformat code - Add %request_attempts logformat code - Warn about some bad from-helper annotations - Ban acl key changes in req_header, rep_header, and note ACLs - Optimize ephemeral port reuse with IP_BIND_ADDRESS_NO_PORT - Honor httpd_suppress_version_string in more contexts - Honor ftp_port worker-queues option - Log early level-0/1 debugs() messages to cache_log - Support reliable zeroing of sensitive buffers - Do not overwrite caching bans - Do not blame cache_peer for 4xx CONNECT responses - Mimic GET reforwarding decisions when our CONNECT fails - Discarded connections do not contribute to forward_max_tries - Honor assertions during shutdown - Do not stop listening after "ERROR: NAT/TPROXY lookup failed..." - Do not skip problematic regexes in ACLs - Improve coredump_dir on FreeBSD and Solaris based OS - Avoid reverse DNS lookups when logformat %>A is unused - BUG: Unexpected state while connecting to ... server - Properly track (and mark) truncated store entries - Support "file" syntax for 'squid_error' and 'has' ACL parameters - Allow sending "squid -k ..." signals to PID 1 - Remove bogus "found KEY_PRIVATE" WARNINGs - Avoid "BUG #3329: Lost orphan ..." during accept problems - Report SMP store queues state (mgr:store_queues) - Remove 8K limit for single access.log line - Rename ./configure option --with-libxml2 to --with-xml2 - Rename ./configure option --with-libcap to --with-cap - Match ./configure --help parameter names with their defaults - Remove broken -sha1 option from server_cert_fingerprint - Fix typo in manager ACL - Fix milliseconds in certain cache.log messages - Fix ignore-cc/act-as-origin in wildcard split-stack ports - Fix comm.cc:644: "address.port() != 0" assertion - Fix StoreMap.cc "anchorAt(anchorId).reading()" assertions - Fix double-free segmentation fault on shutdown - Fix client_side_request.cc:2028 "request->method.id()" assertion - Fix reconfiguration leaking tls-cert=... memory - Fix X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY handling - Fix "mem_obj->inmem_lo == 0" assertion in StoreEntry::swapOut() - Fix TCP keepalive - Fix SslBump reconfiguration leaking public key memory - Fix socket accounting for TCP accept() - ... and many documentation changes - ... and much code cleanup and polishing - ... and all fixes from 5.8 5.9 (30 Apr 2023): - Improve reply_body_max_size matching accuracy - ... and some documentation changes - ... and many portability fixes 5.8 (28 Feb 2023): - Bug 5162: mgr:index URL do not produce MGR_INDEX template - Bug 5241: Block all non-localhost requests by default - Bug 5241: Block to-localhost, to-link-local requests by default - ext_kerberos_ldap_group_acl: Support -b with -D - Fix ACL type typo in req_header, rep_header key-changing ERRORs - ... and several compile fixes - ... and some code cleanup and polishing

Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- squid/squid.nm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/squid/squid.nm b/squid/squid.nm index 053c05543..0441ae658 100644 --- a/squid/squid.nm +++ b/squid/squid.nm @@ -4,10 +4,10 @@ ###############################################################################

name = squid -major_ver = 5 -minor_ver = 7 +major_ver = 6 +minor_ver = 3 version = %{major_ver}.%{minor_ver} -release = 2 +release = 1

groups = Networking/Daemons url = https://www.squid-cache.org/